What Is Flexbooker?
James and Andrew Ford founded FlexBooker in 2014. They wanted to bring an easy-to-use, yet sophisticated and powerful appointment management solution to small and large businesses. With no technical expertise required, users can, for example, receive and manage online appointments, right from their own website. Furthermore, most calendar software is compatible with FlexBooker. The company is growing rapidly. According to FlexBooker, they already helped “thousands of business locations and millions of their customers.” FlexBooker is also becoming a strong competitor for Square Appointments, a similar solution offered by financial services and digital payments company, Square, which recently bought Australian fintech AfterPay for $29 billion. The Fords are no strangers to building cloud-based solutions. In 2009 they built a SaaS-based restaurant table management, reservation, and waitlist platform called Save My Table. After selling Save My Table to Scripps Networks Interactive in 2011, they integrated the web-based restaurant table management solution into CityEats.com.
What Happened?
In total, the intruder compromised 3,756,794 accounts. The compromised data included email addresses, names, phone numbers, and, for some accounts, password hashes and partial credit card data. 69% of the stolen data is already available in HIBP’s database. Apparently, the same gang is also offering databases from two other organizations on the dark web, both based in Australia: thoroughbred racing media company Racing.com and client and case management software company rediCASE.
What Happens Now?
FlexBooker notified users of the data security incident, adding that the hacker did not access credit card or other payment card information. They did, however, warn users to stay vigilant and to monitor their accounts for any suspicious or fraudulent activity. A separate report on a massive DDoS attack that occurred on 24 December is now resolved. A range of professionals now use FlexBooker. From accountants, barbers, doctors, dentists, and lawyers, to mechanics, gyms, beauty salons, therapists, trainers, and others. Global companies like Chipotle, Krewe, Bausch + Lomb, and GoDaddy also use the tool. Some major DIY and hardware stores even offer click and collect pickups using FlexBooker. However, customers of these businesses, who simply used the software to book an appointment, for example, did not receive a notification. They will need to check for themselves if their data was part of the FlexBooker breach by seeing if their email is listed on Have I Been Pwnd.
